
Re: [FW-1] "Safely" rebuilding a management station?



I have done this many times before.  The stop/start of the firewalls to
reset SIC is the only downtime that I know of.  If the new management
station is on a different IP address, you may have to do a fw unloadlocal
to allow the management station to talk to the enforcement points.  The
biggest problem is you cannot make any policy changes while you are
rebuilding your management station.

I would also recommend looking at Secure Platform or Linux when you
rebuild your management station.  Not making any comments about whether
Windows or Linux is better, but I have had fewer problems with management
station corruption on *nix based installs rather than Windows based
installs.  (FWIW).

Eric




"Morhous, John" <[email protected]>
Sent by: Mailing list for discussion of Firewall-1
<[email protected]>
08/25/2003 09:31 AM
Please respond to
Mailing list for discussion of Firewall-1
<[email protected]>


To
[email protected]
cc

Subject
[FW-1] "Safely" rebuilding a management station?






FW's: Checkpoint FP3 on Nokia IP330 IPSO 3.6 (cluster)
Mgmt: Windows 2000 Pro SP3

Ran into a problem where our management server configuration has become
"bad". Working through support @ Checkpoint, they are saying that there
is something screwing up the policy which is causing the FW daemon not
to load on the management station. To make a long story short, after
searching around for a fix and working with Checkpoint, they are telling
us to rebuild the management station.

My question: Does anyone have a guide (so to speak) of a safe method for
rebuilding the management station WITHOUT taking down the FW's (or at
least minimizing FW down-time as much as possible)?

I realize I'm going to have to rebuild, re-setup central licensing, redo
the SIC's, reload the policies, etc, which will require (at least all
that I can think of) a cpstop/start on the FW's to take the new SIC, but
are there any other "gotchas" out there I'm forgetting?

Thanks,
-JTM

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================





 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.